Troubleshootiong ssl connection refused errors to web interface
Posted: 28 Dec 2020, 22:34
NZBGet v21.0 running in a Docker container on my Synology NAS, in a home environment, and no ports/services exposed to the Internet. Regular HTTP connections to port 6789 working fine, as are all connections to indexers.
I'm in process of configuring HTTPS for all my Intranet apps (routers, Pi-Hole, Radarr, NZBHydra, Sonarr, Bazarr, and NZBGet).
I'm seeing ERR_CONNECTION_REFUSED when connecting via HTTPS on port 6791 on Windows 10 and Max OS X devices (Safari and Edge browsers).
Here's what I've configured . . .
NZBGet security settings:
I've tried three different certs (all encoded as BASE64 ASCII (PEM)):
I don't think the issue is related to certificate encoding. If it was working I would expect to at least see a browser warning.
I've checked that the server is listening on tcp/6791:
I've restarted the container after changing settings.
I've temporarily disabled the Windows 10 firewall app, and my Mac doesn't run a firewall app.
I'm running low on troubleshooting ideas, any pointers greatly appreciated
I'm in process of configuring HTTPS for all my Intranet apps (routers, Pi-Hole, Radarr, NZBHydra, Sonarr, Bazarr, and NZBGet).
I'm seeing ERR_CONNECTION_REFUSED when connecting via HTTPS on port 6791 on Windows 10 and Max OS X devices (Safari and Edge browsers).
Here's what I've configured . . .
NZBGet security settings:
- ControlIP set to 0.0.0.0
- SecureControl enabled, secure port 6791
- SecureCert path /config/keystore/certificate.pem
- SecureKey path /config/keystore/private_key.pem
- /config is mapped to a folder in a volume on my NAS and the account running NZBGET in Docker has full permissions to the folder
- CertCheck setting toggled on and off (makes no difference)
I've tried three different certs (all encoded as BASE64 ASCII (PEM)):
- Server cert issued from internal CA (internal root CA is trusted by all devices)
- Valid server cert issued from a commercial CA
- Self-signed test cert issued from selfsignedcertificate.com
I don't think the issue is related to certificate encoding. If it was working I would expect to at least see a browser warning.
I've checked that the server is listening on tcp/6791:
Code: Select all
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6789 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6791 0.0.0.0:* LISTEN -
I've temporarily disabled the Windows 10 firewall app, and my Mac doesn't run a firewall app.
I'm running low on troubleshooting ideas, any pointers greatly appreciated